Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2e18ba6c5af5
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 58c0c2574c5d
Choose a head ref
  • 2 commits
  • 2 files changed
  • 2 contributors

Commits on Nov 6, 2018

  1. nixos/postgresqlBackup: set to umask to 0077 

    * Ensure that the backup file is only readable by the owner
* Add file permission test to tests
    @markuskowa
    markuskowa committed Nov 6, 2018

    Unverified

    The committer email address is not verified.
    Learn about vigilant mode
    Copy the full SHA
    a0371d4 View commit details

Commits on Nov 14, 2018

  1. Merge pull request #49840 from markuskowa/fix-pgBackup 

    nixos/postgresqlBackup: set to umask to 0077
    @samueldr
    samueldr authored Nov 14, 2018
    Copy the full SHA
    58c0c25 View commit details
Showing with 3 additions and 0 deletions.
  1. +2 −0 nixos/modules/services/backup/postgresql-backup.nix
  2. +1 −0 nixos/tests/postgresql.nix
2 changes: 2 additions & 0 deletions nixos/modules/services/backup/postgresql-backup.nix
View file
Original file line number Diff line number Diff line change
@@ -20,6 +20,8 @@ let
'';

script = ''
umask 0077 # ensure backup is only readable by postgres user
if [ -e ${cfg.location}/${db}.sql.gz ]; then
${pkgs.coreutils}/bin/mv ${cfg.location}/${db}.sql.gz ${cfg.location}/${db}.prev.sql.gz
fi
1 change: 1 addition & 0 deletions nixos/tests/postgresql.nix
View file
Original file line number Diff line number Diff line change
@@ -58,6 +58,7 @@ let
# Check backup service
$machine->succeed("systemctl start postgresqlBackup-postgres.service");
$machine->succeed("zcat /var/backup/postgresql/postgres.sql.gz | grep '<test>ok</test>'");
$machine->succeed("stat -c '%a' /var/backup/postgresql/postgres.sql.gz | grep 600");
$machine->shutdown;
'';